Prevent content hosts from obtaining subscription from virt-who

Hello All,

I'm working on building out a 6.7 satellite instance with VDC subscriptions and a virt-who config. My concern is that we have several RHEL servers that are not attached to our satellite instance as they are vendor-provided and we do not manage them, if one of these RHEL servers were to get placed on one of our vmware esxi hypervisors that has the VDC entitlement will it auto-subscribe that server somehow? I feel like this is not possible but can't find supporting documentation. What is required for vitrt-who to actually subscribe a system, does it have to be subscribed to satellite for all of this to work as well as the activation key with auto attached?

Also, bonus question if anybody knows, what happens if that vmware exsi hypervisor goes down, how long do we have to remove and re-add a VDC entitlement to a new hypervisor? or is there some grace period for the RHEL servers to stay entitled although there is no virt-who process reporting back say in 2-5 days?

Thanks all in advance.